Researchers Uncovered A New Technique For Stealing Login Credentials
Researchers at security firm Cylance have uncovered a new technique for stealing login credentials from any Windows PC, tablet or server.
The vulnerability, dubbed Redirect to SMB, allows attackers to steal user credentials by hijacking communications with legitimate web servers via man-in-the-middle attacks, then redirecting the victim's software to malicious SMB (Server Message Block) servers, which force it to hand over the victim's username, domain and hashed password.
Attack Scenario:
The attack is based on a vulnerability discovered by Aaron Spangler in 1997. He found that supplying URLs beginning with the word "file" (such as file://1.1.1.1/) to Internet Explorer would cause the operating system to attempt to authenticate with an SMB server at the IP address 1.1.1.1. These "file" URLs could be provided as an image, iframe, or any other web resource resolved by the browser.
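The attack scenario above hinges on an HTTP response steering a Windows client toward a file:// URL or UNC path, at which point Windows tries to authenticate to the named host over SMB. The following is an added example, not code from the article or from Cylance, showing how a defender could sweep proxy or web-server logs for that pattern. The log format (client, status, requested URL, Location header) and the hosts in the sample lines are constructed for the illustration.

```python
"""Flag HTTP redirects whose target would make a Windows client open an SMB
connection (file://host/... URLs or \\host\share UNC paths).

Added example for illustration; not part of the original article. The log
format and all hosts below are constructed placeholders.
"""
from urllib.parse import urlsplit

# Constructed sample proxy log lines, space-separated:
# <client> <status> <requested URL> <Location header, or "-" when absent>
SAMPLE_LOG = [
    "10.0.0.5 302 http://example.test/update http://example.test/update/v2",
    "10.0.0.5 302 http://example.test/logo.png file://203.0.113.7/share/logo.png",
    "10.0.0.9 200 http://example.test/index.html -",
    r"10.0.0.9 301 http://example.test/dl \\203.0.113.7\share\setup.exe",
    # file:/// with no host is a local path, not an SMB target
    "10.0.0.7 302 http://example.test/local file:///C:/Windows/notepad.exe",
]


def is_smb_target(location: str) -> bool:
    """Return True if a redirect target names a remote host that Windows would
    contact over SMB: a UNC path (\\host\share) or a file:// URL with a host.

    file:///C:/... (empty host) is a local path and is not flagged.
    """
    loc = location.strip()
    if loc.startswith("\\\\"):
        return True
    parts = urlsplit(loc)
    return parts.scheme.lower() == "file" and bool(parts.netloc)


def scan_proxy_log(lines):
    """Return (client, requested_url, location) for every 3xx response whose
    Location header would redirect the client to an SMB server."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines rather than crash the sweep
        client, status, url, location = fields
        if status.startswith("3") and location != "-" and is_smb_target(location):
            hits.append((client, url, location))
    return hits


if __name__ == "__main__":
    for client, url, location in scan_proxy_log(SAMPLE_LOG):
        print(f"{client} requested {url} and was redirected to SMB target {location}")
```

The check deliberately ignores file:/// URLs with no host, since those point at the local disk and do not trigger outbound SMB authentication. A redirect matching this rule is a strong signal regardless of whether the web server was compromised or the traffic was tampered with in transit, and pairs naturally with blocking outbound SMB (TCP 139 and 445) at the network edge.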
Affected Software:
Adobe Reader, Apple QuickTime, Apple Software Update, Internet Explorer, Windows Media Player, Excel 2010, Microsoft Baseline Security Analyzer, Symantec's Norton Security Scan, AVG Free, BitDefender Free, Comodo Antivirus, .NET Reflector, Maltego CE, Box Sync, TeamViewer, GitHub for Windows, PyCharm, IntelliJ IDEA, PHP Storm and JDK 8u31's installer.